Android users told to be on high alert after Cerberus banking Trojan leaks to the dark web
The source code for the authenticator-breaking malware is available for free on underground forums


The full source code for the Cerberus banking malware has been released online after being leaked by one of its developers, cyber security company Kaspersky has found.
Kaspersky experts have been monitoring Cerberus since July 2020, although the Trojan virus was originally tracked in the summer of 2019.
In late February 2020, ThreatFabric researchers published a report claiming that Cerberus had been restructured and enhanced with RAT (Remote Access Trojan) abilities and was capable of stealing two-factor authentication (2FA) tokens from Google Authenticator.
Although at the time Cerberus was still in its test phase, ThreatFabric warned users that the malware could be released “soon”.
Their predictions were proven right in late July, when the Cerberus source code went up for auction after the breakup of its development team.
Kaspersky researchers have found that one of the authors made the decision to publish the project source code on a popular Russian-speaking underground forum, most likely intending it to be accessed only by premium users.
However, cyber criminals are now able to acquire Cerberus for free, resulting in a rapid increase in cyber attacks on mobile banking in Russia as well as other European countries.
Kaspersky security researcher Dmitry Galov said that the “findings regarding Cerberus v2 are a warning to everyone implicated by Android security and Android banking security in particular”.
“We’re already seeing an increase in attacks on users since the source code was published. It’s not the first time we’ve seen something like this happen, but this boom of activity since the developers abandoned the project is the biggest developing story we’ve tracked for a while,” he added.
“We continue to investigate all found artefacts associated with the code, and will track related activity. But, in the meantime, the best form of defence that users can adopt involves aspects of security hygiene that they should be practicing already across their mobile devices and banking security.”
Kaspersky has warned Android users to only download and install applications from the Google Play store, and to deactivate the smartphone setting that allows programmes to be installed from unknown sources.
Back in February, ThreatFabric reported that Cerberus was able to target communication applications such as Gmail, Outlook, and Telegram, as well as numerous banking applications, including Lloyds Bank Mobile Banking, Wells Fargo Mobile, and Santander.
Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.
Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.